COVID-19: The Risks and Rewards of Remote Videoconferencing
The past few weeks have demonstrated that companies across all industries and sectors face daily pressure as they adapt to doing business in the era of the coronavirus (COVID-19). Many have responded creatively, by offering solutions for their employees and customers to minimize disruptions while implementing remote working directives in compliance with government stay-at-home orders. These changes include the exponentially increased use of remote video and teleconference options, like Zoom and WebEx. In March 2020, Zoom Video Communications, Inc. founder and CEO Eric S. Yuan reported that Zoom had reached more than 200 million daily meeting participants, both free and paid, a 1,000% increase from 10 million meeting participants in December 2019. It is no surprise that companies have turned to these platforms - Zoom, WebEx, and similar platforms enable both small and large groups to meet and share information and documents in real time, help reduce business disruptions, and keep companies, employees, and customers connected.
The Risks
It is imperative that companies and individuals who use these platforms are fully aware of their risks. The Federal Bureau of Investigation already has issued warnings regarding security breaches and hijackings involving Zoom’s platform and offered informal guidance to mitigate teleconference hijacking (called “Zoom-bombing”), including warning users not to make meetings public, not to share access links on unrestricted, publicly available social media platforms, to manage screensharing options, and to use the most up-to-date software versions available.
In addition to risks associated with potential security and access breaches, users also should be mindful of the potential for regulators, litigants, and other law enforcement agencies to issue subpoenas, civil investigative demands, or other requests for information seeking recordings of and other information about these virtual meetings in connection with regulatory, civil, and criminal investigations. While telephone and videoconference recordings always have been subjects of interest, the increased usage of these platforms in recent weeks means that regulators’ interests in them are sure to rise as well.
The Rewards Require Precautions
Both Zoom and WebEx enable recording of meetings. Before recording any virtual teleconference or videoconference, users should weigh several legal and practical considerations connected to such use. First, users must understand the laws and regulations relating to recording telephone and video conversations. Jurisdictions often impose different rules depending on the participants involved (internal versus external) and the nature of the recording (public shareholder meeting versus internal human resources team meeting), and companies should understand all the different laws that may apply to the recordings at issue. For example, in Virginia, it generally is not unlawful for one person to record a conversation in which he or she is a party; [1] whereas, in California, both parties’ consent is required. [2] Likewise, many federal courts prohibit recording court proceedings, [3] and those rules have been extended to include court proceedings being conducted remotely through Zoom and similar platforms. [4] Failing to account for these requirements could open up companies to criminal charges relating to unlawful wiretapping and/or subject them to other penalties for unauthorized use. Before undertaking any recording, companies should seek advice regarding applicable laws that may regulate or prohibit such practices.
Second, users must also understand and consistently apply data and document creation and retention policies, including policies regarding determining which meetings should be recorded in the first place and, if created, how, for how long, and where those recordings are stored. Companies recording and storing recordings of Zoom or other remote videoconference meetings should consult information technology personnel (either internal or external) to ensure that proper encryption and protection methods are in place for sensitive and other confidential information. Having effective polices in place, and following them, enables companies to perform their data retention and storage obligations consistently, thereby reducing the risk of noncompliance and enabling effective retrieval in the event of a subpoena or civil investigative demand from regulators or other law enforcement.
Finally, as with other aspects of business during COVID-19, companies should plan to review and, as necessary, revise polices and decisions regarding recording remote teleconference and videoconference meetings. Making real-time adjustments to policies and procedures in response to changing and evolving COVID-19 conditions will be a crucial tool for companies to facilitate risk mitigation and effective use of these tools.
Benefits for the Future
COVID-19 has created opportunities for companies and their employees to offer and implement innovative solutions to keep businesses running. Doing business remotely means that companies must pay special attention to the likelihood that these new solutions will pique the interest of regulators. Those companies that master how to manage the risks in order to reap the rewards of remote videoconferencing will have an operational advantage today and in the future.
If you wish to discuss your use of remote teleconferencing and videoconferencing platforms during and after the COVID-19 pandemic, or would like advice about regulatory, civil, or criminal enforcement matters, please contact one of our White Collar Government and Investigations team members.
[1] See generally, Va. Code. 19-62.
[2] See generally Cal. Penal Code § 632.
[3] See, e.g., E.D. Va. Loc. Civ. R. 83.3; S.D.N.Y. Loc. Civ. R. 1.8; N.D. Cal. General Order No. 58.
[4] See, e.g., E.D. Va. General Order 2020-11 (issued April 6, 2020); https://www.cand.uscourts.gov/notices/notice-regarding-press-and-public-access-to-court-hearings-april-3-2020/ (N.D. Cal. Updated April 20, 2020).